what3words Address Field < 4.0.0 – Admin+ Sensitive Information Disclosure | CVE 2021-4428 | Plugin Vulnerabilities

Description

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.

Affects Plugins

3-word-address-validation-field

Fixed in 4.0.0

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

VulDB GitHub Commit Analyzer

Verified

No

WPVDB ID

510a0796-3784-42ad-8155-07a53de1e1c1

Timeline

Publicly Published

2023-07-18 (about 2 years ago)

Added

2023-07-20 (about 2 years ago)

Last Updated

2023-07-20 (about 2 years ago)

Other

Published

Title

Published

2022-03-30

Title

Be POPIA Compliant < 1.1.6 - Unauthenticated Sensitive Information Exposure

Published

2026-04-27

Title

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.11.2 - Unauthenticated Sensitive Information Exposure

Published

2023-11-30

Title

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Published

2026-02-03

Title

Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure

Published

2025-10-26

Title

Shortcodes and extra features for Phlox <= 2.17.12 - Unauthenticated Information Exposure